author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2016-09-30 14:37:10 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2016-09-30 14:37:10 +0300 |
commit | 49be2996254147cf7231fa3de310004fc7afda6a | |
tree | c0a40be5d43879a2579f1a51c535f57da5df057d /README.md | |
parent | b8b655ecf477de4d488aef0a3c6ce4c517a8c5c1 | |
README: customizing rules
v1.3.1
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -535,6 +535,28 @@ addresses separated by the **-** character. It is not necessary to specify **family** for bitmaps, since the kernel supports only IPv4 bitmaps. +## Customizing iptables Rules + +In the rare event that awall's capabilities do not suffice for your +use case, it is possible to manually define match options, targets, +and additional chains. Match options can be added via the **match** +attribute in the corresponding awall rule. The iptables target with +possible options can be set via the **action** attribute. The iptables +targets are always spelled in upper case, so awall can distinguish +them from other actions. + +Customized chains can be defined in the top-level dictionary named +**custom**. The key is the unique identifier of the chain, and +packets can be sent to the chain by defining the value of the +**action** attribute of an awall rule as this identifier prefixed by +**custom:**. The values of the dictionary are lists of objects. Each +object maps to a single rule in the custom iptables chain, defined +using two attributes: **match** for match options and **target** for +the target with its options. The target can also refer to another +customized chain, using the **custom:** prefix. It is also possible to +constrain each rule to IPv4 or IPv6 only by defining the **family** +attribute as **inet** or **inet6**, respectively. + ## Command Line Syntax ### Translating Policy Files to Firewall Configuration Files |
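Review bot: The second added paragraph, on the **custom** dictionary, describes a nested structure (a chain identifier mapping to a list of objects with **match**, **target** and optionally **family**) in prose only, with no sample policy fragment; a short example showing one chain definition and an awall rule whose **action** is the identifier prefixed by **custom:** would remove the ambiguity about where each attribute goes. The first paragraph should also state what awall does with the **match** and **action** strings, that is, whether they are checked or handed to iptables as written, and the second should say what happens when a **custom:** reference names an identifier that is not defined in **custom**, or when two customized chains refer to each other. It would also help to say where the custom **match** options end up relative to the match options awall generates for the same rule, since a reader adding them to an existing rule needs to know whether they narrow it or can conflict with it.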